How many SHA-256 hash calculations are counted in one "hash per second"?

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: Jim Hyslop on April 08, 2011, 11:35:44 PM

Quote from: casascius on April 08, 2011, 10:59:53 PM

Quote from: mrb on April 07, 2011, 04:09:33 AM

Quote from: cdhowie on April 06, 2011, 12:04:59 PM

1.2 billion SHA-256 block transformations per second, yeah.

That is correct. 1 "bitcoin hash" is defined as 2 SHA-256 hashes.

I don't think so. The first hash does not change with each trial. The nonce is the only that changes most of the time. That only influences the last hash. One hash is one SHA256 op the vast majority of the time.

Have another look at the pseudo code sipa posted. You'll see that there is another hash at the end.

The first hash op, which does not change for each trial, is labeled "update A1". The second hash op, which contains the nonce, is labeled "update A2". At that point, the hash algorithm is technically finished, and you could use that result. But for some reason which I haven't yet inquired about, Satoshi added another hash of the hash, which is B in the pseudo code.

So, why did Satoshi add that extra hash at the end? Is that a standard procedure for SHA-256?

I RTFM'd and stand corrected.

Jim Hyslop

member

Activity: 98

Merit: 20

Quote from: casascius on April 08, 2011, 10:59:53 PM

Quote from: mrb on April 07, 2011, 04:09:33 AM

Quote from: cdhowie on April 06, 2011, 12:04:59 PM

1.2 billion SHA-256 block transformations per second, yeah.

That is correct. 1 "bitcoin hash" is defined as 2 SHA-256 hashes.

I don't think so. The first hash does not change with each trial. The nonce is the only that changes most of the time. That only influences the last hash. One hash is one SHA256 op the vast majority of the time.

Have another look at the pseudo code sipa posted. You'll see that there is another hash at the end.

The first hash op, which does not change for each trial, is labeled "update A1". The second hash op, which contains the nonce, is labeled "update A2". At that point, the hash algorithm is technically finished, and you could use that result. But for some reason which I haven't yet inquired about, Satoshi added another hash of the hash, which is B in the pseudo code.

So, why did Satoshi add that extra hash at the end? Is that a standard procedure for SHA-256?

casascius

vip

Activity: 1386

Merit: 1140

The Casascius 1oz 10BTC Silver Round (w/ Gold B)

Quote from: mrb on April 07, 2011, 04:09:33 AM

Quote from: cdhowie on April 06, 2011, 12:04:59 PM

1.2 billion SHA-256 block transformations per second, yeah.

That is correct. 1 "bitcoin hash" is defined as 2 SHA-256 hashes.

I don't think so. The first hash does not change with each trial. The nonce is the only that changes most of the time. That only influences the last hash. One hash is one SHA256 op the vast majority of the time.

grondilu

legendary

Activity: 1288

Merit: 1080

2

cdhowie

full member

Activity: 182

Merit: 107

Quote from: mrb on April 07, 2011, 06:19:32 AM

You read incorrectly. It does not talk about RAM capacity, but RAM throughput ("A PC6400 (as in 6400 MByte/s) memory module is 6400 * 10^6 byte/s").

Ah, yes. My mistake.

Quote from: mrb on April 07, 2011, 06:19:32 AM

I challenge you to name a single item in that list that is false. You won't find any. Surprising, huh? Wink

As mentioned, disk storage capacity is measured one way by OSes and another by manufacturers. So it might not be false, but it's not really true either. More like contested.

The rest of the list does seem to lean towards decimal powers though. Shame.

mrb

legendary

Activity: 1512

Merit: 1028

Quote from: cdhowie on April 07, 2011, 04:24:42 AM

That link doesn't really prove anything though. Of course manufacturers use powers of 1000 -- they can claim that their hard drive is 300GB when it is, in fact, only 279GB as measured by pretty much every operating system. Also, AFAICT, the article is just plain wrong when it comes to RAM modules; if the amount of RAM on a chip were not a power of 2, it just plain wouldn't work.

You read incorrectly. It does not talk about RAM capacity, but RAM throughput ("A PC6400 (as in 6400 MByte/s) memory module is 6400 * 10^6 byte/s").

I challenge you to name a single item in that list that is false. You won't find any. Surprising, huh? Wink

Pieter Wuille

legendary

Activity: 1072

Merit: 1181

One "hash" as in the 600Mhash/s a graphics card does, corresponds to one sha256(sha256(block_header)). The block header is 80 bytes, which is padded to 128 bytes, and split into to 64-byte parts.

The actual algorithm (in pseudo-code) is:

Code:

doHash(block_header) {
hasher = new SHA256();
hasher.update(block_header[0..63]); // update A1
hasher.update(block_header[64..127]); // update A2
hash1 = hasher.getHash();
hasher.reset();
hasher.update(hash1); // update B
hash2 = hasher.getHash();
return hash2
}

So, when looking at the actual algorithm, there are 3 sha256 updates involved. However, since the nonce is in the second part of the block header, the state of the hasher after update A1 is precomputed once for the whole range of nonces, limiting it to only 2 updates (A2 and B).

However, there are still more optimizations involved. Each sha256 update consists of 64 rounds. In the first 3 of update A2, the nonce isn't used, so these can be precomputed as well. Furthermore, the last 2 or 3 rounds do not influence the highest bits of the resulting hash (which are used for determining whether it passed the difficulty test), so these can be skipped as well.

Bottom line: a 600MH/s device, is actually doing 600000000*120 sha256 rounds per second. This roughly corresponds to doing 1125 million separate sha256 hashes (of data blocks < 64 bytes).

And yes, M stands for 1000000 here, not 1048576.

cdhowie

full member

Activity: 182

Merit: 107

Quote from: mrb on April 07, 2011, 04:09:33 AM

When you think about it, decimal prefixes are more common that binary prefixes even in the computer industry Wink

That link doesn't really prove anything though. Of course manufacturers use powers of 1000 -- they can claim that their hard drive is 300GB when it is, in fact, only 279GB as measured by pretty much every operating system. Also, AFAICT, the article is just plain wrong when it comes to RAM modules; if the amount of RAM on a chip were not a power of 2, it just plain wouldn't work. Such statements can only be made by people who don't know how memory is addressed.

So, sorry, but I'm still not convinced.

mrb

legendary

Activity: 1512

Merit: 1028

Quote from: cdhowie on April 06, 2011, 12:04:59 PM

1.2 billion SHA-256 block transformations per second, yeah.

That is correct. 1 "bitcoin hash" is defined as 2 SHA-256 hashes.

Quote from: cdhowie on April 06, 2011, 12:04:59 PM

I'm still unclear if 1Mhash is 1000 or 1024 trials. In terms of storage, OSes measure kB/MB etc. as powers of 1024 (which is in turn 2^10)

When you think about it, decimal prefixes are more common that binary prefixes even in the computer industry Wink

Alexium

newbie

Activity: 22

Merit: 0

Quote from: cdhowie on April 06, 2011, 12:04:59 PM

I'm still unclear if 1Mhash is 1000 or 1024 trials.

Should be 1000.

cdhowie

full member

Activity: 182

Merit: 107

Quote from: ttul on April 06, 2011, 12:01:26 PM

This makes sense. So it's not really hashes per second, but trials per second or something like that. So a GPU that is rated at 600 MHash/second is actually doing 1.2 billion SHA-256 checksums per second.

1.2 billion SHA-256 block transformations per second, yeah. I'm still unclear if 1Mhash is 1000 or 1024 trials. In terms of storage, OSes measure kB/MB etc. as powers of 1024 (which is in turn 2^10) since converting can be done by simply shifting bits. So I tend to lean that way, but I've never really checked to see which convention is used in the BTC mining world.

ttul

member

Activity: 70

Merit: 10

This makes sense. So it's not really hashes per second, but trials per second or something like that. So a GPU that is rated at 600 MHash/second is actually doing 1.2 billion SHA-256 checksums per second.

cdhowie

full member

Activity: 182

Merit: 107

Quote from: ttul on April 06, 2011, 11:53:45 AM

So, when the community talks about hashes per second, is it literally SHA-256 hashes per second, or is it SHA-256 trials per second (i.e. tests against the target difficulty value)?

Pretty sure it's complete trials, not individual hashes. A more accurate term might be nonces checked per second.

ttul

member

Activity: 70

Merit: 10

When the hashing strength of the bitcoin network is advertised, it's advertised in "GHash/s". Does this mean if the hashing strength is 600GHash/s that the network is doing 600 billion SHA-256 hash calculations per second?

Because in the Bitcoin algorithm, each trial of a particular hash requires two SHA-256 steps: the first to calculate the SHA-256 checksum of the block, and the second to calculate the SHA-256 checksum of this checksum result (i.e. a "hash of a hash").

So, when the community talks about hashes per second, is it literally SHA-256 hashes per second, or is it SHA-256 trials per second (i.e. tests against the target difficulty value)?

Thanks!

Topic: How many SHA-256 hash calculations are counted in one "hash per second"? (Read 7912 times)